Workers in the telecommunications industry interact less with cloud apps during their daily work, compared to people in other industries. However, they are still the biggest victims of cloud malware.
This is evident from a new report from Netskope Threat Labs, which claims that cloud apps are increasingly being exploited in malware attacks, with telecom companies particularly vulnerable.
Based on an analysis of Netskope’s more than 2,500 customers in the telecommunications industry, the report says users in this vertical upload and download files to and from cloud apps at a similar rate to other industries, while using fewer apps on average.
Biggest victims
The average telecom user interacts with 24 cloud apps in a given month, the majority of which are in the Microsoft ecosystem (OneDrive, Teams, Outlook).
In fact, OneDrive is the most popular data uploading app; 30% of industry users use it to upload files daily (50% more than average). The same goes for downloads: 35%.
While all organizations, regardless of size or industry, are targets of cloud-based malware, telecom companies are the biggest victims by a margin of 7% compared to all others, Netskope explains. OneDrive and GitHub had the most malware downloads, followed by Outlook. Typically, victims grabbed the remote access trojan (RAT) Remcos, the malicious loader Guloader, and a popular infostealer called AgentTesla.
According to Paolo Passeri, Cyber Intelligence Principal at Netskope, this discrepancy in the percentage of malware delivered stems from a more ‘open attitude’ that telecommunications employees have towards cloud services.
“This open attitude towards online services is also visible in the malware families that target telecom users. Compared to other industries, there are many more malware families targeting this sector,” Passeri explains.
Finally, he said that different cloud services are exploited at different stages of the attack chain, with Guloader, for example, storing the encrypted payload on cloud services, and Grandoreiro abusing Azure to deliver the final payload.